encryption:luks-partition
Table of Contents
LUKS Encrypted Partition
Change LUKS Partition Password
- Find the drive with the luks headers:
cat /etc/crypttab
- Find the partition using the disk label from the previous command:
sudo fdisk -l /dev/sda
- If it is listed by uuid, use:
ls -l /dev/disk/by-uuid/{insert your uuid here}
- Verify the Keyslots used:
sudo cryptsetup luksDump /dev/sda5
- Test passphrase:
sudo cryptsetup --verbose open --test-passphrase /dev/sda5
- Change Keyslot 0's key:
sudo cryptsetup luksChangeKey /dev/sda5 -S 0
- Verify new passphrase:
sudo cryptsetup --verbose open --test-passphrase /dev/sda5
Unlock LUKS Partition from GRUB
- Insert luks module:
grub rescue> insmod luks
- List all divices:
grub rescue> ls
- Mount encrypted
/boot/
partition:grub rescue> cryptomount (hd0,gpt2)
- To use uuid instead, use the
-u
option:grub rescue> cryptomount -u 8f5fc81c-41bb-11ec-81d3-0242ac130003
- Enter passphrase:
Attempting to decrypt master key... Enter passphrase for hd0,gpt2 (<disk uuid>):
- Output on success:
Slot 3 opened
- Insert LVM Module:
grub rescue> insmod lvm
- Load module for normal boot:
grub rescue> insmod normal
- Boot:
grub rescue> normal
Links
encryption/luks-partition.txt · Last modified: 2021/11/10 00:17 by chuck